Endpoint Encryption

  • 1.  Netshare : Some DH/DSS Key cannot be used for netshare.....

    Posted Nov 21, 2011 12:17 PM

    Dear all,

    We have had this problem for months now and I feel that this is not going to be solved.

    Some colleagues have an "old" PGP key (DH/DSS) created with an old version of PGP Desktop, standalone edition, from 2002 to 2004.

    We have switched to Netshare and are now using PGP Desktop version 10.1.2 and would like to create a common repository with encrypted files available to only some persons.

    When I add some colleagues' keys, I get the error: "One user key can't be used with Netshare." (I got the message with a French interface, so the English wording could be slightly different).

    PGP Netshare is then useless.

    Please note that:

    1- These colleagues have exclusively a DH/DSS key.

    2- Some other colleagues' DH/DSS keys don't generate the error.

    Best regards,

    Didier.

    PS: I tried to generate the error with a DH/DSS key that I created and uploaded to the Netshare Server, but that key didn't generate the error. (See this message thread: https://www-secure.symantec.com/connect/forums/transfer-dhdss-key-netshare-universal-server)



  • 2.  RE: Netshare : Some DH/DSS Key cannot be used for netshare.....

    Posted Nov 21, 2011 12:24 PM

    I should add some information.

    Some attributes of the key usage are not displayed on the server for the keys that generate the error.

    Then the question should be: why, for some keys, are the attributes correctly set up on the server and for some others not?

    We of course tried some tests like:

    - deleting the key on the server and changing the key passphrase in PGP Desktop in order to upload the key to the server again (the result was the same, no key usage settings on the key in the server. The concerned keys of course all have the following key usage bits set in PGP Desktop: PGP Netshare, PGP Zip, PGP mail)

    Best regards,

    Didier.



  • 3.  RE: Netshare : Some DH/DSS Key cannot be used for netshare.....

    Posted Nov 21, 2011 12:52 PM

    I'm confused as to whether all of these problematic keys include having NetShare enabled in the Key Usage section of the key properties.  However, whether or not this is so, I'm thinking this might possibly be related to the keys having been generated prior to PGP having the NetShare component, and that this might be resolvable by generating a new encryption subkey on these keys.



  • 4.  RE: Netshare : Some DH/DSS Key cannot be used for netshare.....

    Posted Nov 22, 2011 10:52 AM

    Which universal server version?

    I think you need to use group keys, that's a new feature in 3.2



  • 5.  RE: Netshare : Some DH/DSS Key cannot be used for netshare.....
    Best Answer

    Posted Feb 16, 2012 12:28 PM

    Dear all,

    We have used a kind of workaround to solve the problem.

    The DH/DSS keys are somehow misconfigured or not correctly handled as they are created with old versions of PGP Desktop.

    Symantec finally proposed to us the use of a "line command" version of PGP Desktop in order to manipulate each of the DH/DSS keys that are not usable in order to fine tune some kind of attributes.

    This is quite heavy as the private keys have to be manipulated and I don't like this solution.

    Then the workaround was simply (sorry, but I had expected to have a quite simple solution from Symantec) to ask the persons owning the "old" DH/DSS keys to generate a new one that will be RSA and that will be used only internally for the PGP Netshares.

    Then their old key is still usable for external communication while the new one is only used for secure storage with PGP Netshare.

    That is not a satisfying solution but it works.

    Best regards,

    Didier.